Health Information Privacy (HIPAA)
All employer-sponsored group health plans except self-insured plans with 50 or fewer participants.
The U.S. Department of Health and Human Services has developed a regulation governing the privacy of individuals' health records and information, and access to medical records. All protected health information (PHI), which includes any individually identifiable health information, is protected, including electronic and paper records and oral communications. The standards are aimed at ensuring the privacy of PHI (i.e., information that can be associated with a specific individual).
The regulation applies to health plans, healthcare clearinghouses, and healthcare providers. Employers who self-insure or are heavily involved in the administration of their health plans are directly affected. Any employer that sponsors a health plan will be at least indirectly affected.
Individuals must be able to see and obtain copies of their records, request amendments to the records, and be given a history of most disclosures upon request. Healthcare providers must receive patient authorization to disclose information. Individuals must be given detailed written information concerning their privacy rights. Employers that sponsor health plans may not use PHI held by the plan for employment-related purposes.